How to increase file upload size in ASP.NET Core

ASP.NET Core 2.0 enforces 30MB (~28.6 MiB) max request body size limit, be it Kestrel and HttpSys. Under normal circumstances, there is no need to increase the size of the HTTP request. But when you are trying to upload large files (> 30MB), there is a need to increase the default allowed limit. In this short post, we’ll see how to increase file upload size in ASP.NET Core application and various options to control this restriction.

Increase file upload size in ASP.NET Core

If you are also looking for file upload solution in ASP.NET Core, here are some useful post.

As we know ASP.NET Core applications are platform independent so you can host them on Windows, Linux or Mac platform. In other words, you may host the application on IIS, Ngnix and Apache web server. Kestrel is a cross-platform web server for ASP.NET Core and that’s included by default in ASP.NET Core project templates. Kestrel can be used as a standalone server or with a reverse proxy server, such as IIS, Nginx, or Apache.

There is no single solution which covers all deployment options to increase the request size limit. The solution differs based on the deployment options. We may have following deployment options,

Hosted on IIS (with Kestrel or without Kestrel)

Hosted on Kestrel (as standalone or with Ngnix and Apache server)

Hosted on IIS

Remember in the ASP.NET, we used to set maxRequestLength in web.config file to increase the default limit of 4MB. Like,

Similarly, for ASP.NET Core application, we can increase the default limit of 30MB by setting maxAllowedContentLength property in the web.config file. The default ASP.NET Core application template doesn’t create the web.config file. It is created when you publish the application. However, you can also add it manually (if not present) to the root of the application with the following code.

You are required to define maxAllowedContentLength in the security section. You can read more about the web.config file for ASP.NET Core here.

In order to create the reverse proxy between IIS and the Kestrel server, the web.config file must be present at the content root path (typically the app basepath) of the deployed app. This is the same location as the website physical path provided to IIS. This setting only applies to IIS.

Hosted on Kestrel (as standalone or with Ngnix and Apache server)

Starting in ASP.NET Core 2.0.0, Kestrel server also imposes its own default limits. There are 3 different ways to increase this default limit.

MVC Solution

If you want to change the max request body size limit for a specific MVC action or controller, you can use the RequestSizeLimit attribute. Like,

It sets the maximum allowed request length for this action method. You can apply this attribute at action level or controller level. This is the recommended approach to increase the limit in an ASP.NET Core MVC app.

There is another attribute DisableRequestSizeLimit applicable at the controller level or the action level to disable the size limit on the HTTP request. This will set the request limit to unlimited. Like,

This applies to any request for the entire application. The MaxRequestBodySize is a nullable long. Setting it to null disables the limit. Now you might be thinking why this doesn’t work for windows as IIS also uses Kestrel. The reason is, this setting is disabled for Kestrel running behind IIS where the normal web.config limit is applied. Though this is a global setting, it can be overridden on per-request basis via middleware.

Middleware solution

If you want to override the global setting based on a request basis, you can do it via middleware. This allows you to modify individual requests through some flexible configuration. Like,

Remember, this cannot be changed after the reading the request body has started. An exception is thrown if you try to configure the limit on a request after the app has started to read the request. There’s an IsReadOnly property that indicates if the MaxRequestBodySize property is in a read-only state, meaning it’s too late to configure the limit.

That’s it.

Summary

To summarize, this post provides the solution to increase the request limit size for ASP.NET Core application, covering all possible deployment options. Based on your deployment model, you are required to make configuration changes. Though, it would be ideal to have a single solution to increase the request limit, irrespective of the deployment option. Let’s hope things will change, but for now, we’ll have to follow this.

Thank you for reading. Keep visiting this blog and share this in your network. Please put your thoughts and feedback in the comments section.

PS: If you found this content valuable and want to return the favour, then